Vulnerability

Adobe Coldfusion vulnerabilities

This live blog contains information regarding vulnerabilities in Adobe Coldfusion. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on July 20, 2023.

T-Update

Information about vulnerabilities

Update 20 July 2023

17:30 | On 11, 14, and 19 July 2023, Adobe released security bulletins covering a total of seven vulnerabilities in Adobe ColdFusion. Three of the seven vulnerabilities are critical. The vulnerabilities apply to the following versions: ColdFusion 2018, ColdFusion 2021, and ColdFusion 2023.

The three security bulletins describe vulnerabilities that could lead to arbitrary code execution. Two out of the three security bulletins describe vulnerabilities that could lead to a security feature bypass.

WARNING: Adobe's earlier workaround advice, enabling lockdown mode, can be bypassed by chaining multiple vulnerabilities. These are the so-called “security feature bypass” vulnerabilities.

There are software updates available to remediate the vulnerabilities. Our advice is to apply them as soon as possible.

Background

On 11, 14, and 19 July 2023, Adobe released security bulletins covering a total of seven vulnerabilities in Adobe ColdFusion. Three of the seven vulnerabilities are critical. The vulnerabilities apply to the following versions: ColdFusion 2018, ColdFusion 2021, and ColdFusion 2023. The three security bulletins describe vulnerabilities that could lead to arbitrary code execution. Two out of the three security bulletins describe vulnerabilities that could lead to a security feature bypass.

Risk

The vulnerabilities CVE-2023-29298, CVE-2023-38203, and CVE-2023-38205 have a CVSSv3 score of 9.8. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact. All three are unauthenticated remote code execution vulnerabilities: a remote attacker can execute code without authenticating.

The vulnerabilities are being exploited in the wild, and a proof-of-concept exploit is publicly available.

Advice

The vulnerabilities CVE-2023-29300, CVE-2023-38203, and CVE-2023-38204 stem from deserializing untrusted data without sufficiently validating it. Below is an overview of all vulnerabilities:

| Security bulletin | Vulnerability category | Vulnerability impact | Severity | CVSS base score | CVE number |
|---|---|---|---|---|---|
| APSB23-40 | Improper Access Control | Security feature bypass | Critical | 7.5 | CVE-2023-29298 |
| APSB23-40 | Deserialization of Untrusted Data | Arbitrary code execution | Critical | 9.8 | CVE-2023-29300 |
| APSB23-40 | Improper Restriction of Excessive Authentication Attempts | Security feature bypass | Important | 5.9 | CVE-2023-29301 |
| APSB23-41 | Deserialization of Untrusted Data | Arbitrary code execution | Critical | 9.8 | CVE-2023-38203 |
| APSB23-47 | Deserialization of Untrusted Data | Arbitrary code execution | Critical | 9.8 | CVE-2023-38204 |
| APSB23-47 | Improper Access Control | Security feature bypass | Critical | 7.5 | CVE-2023-38205 |
| APSB23-47 | Improper Access Control | Security feature bypass | Moderate | 5.3 | CVE-2023-38206 |

The following Adobe ColdFusion products and versions are vulnerable:

  • ColdFusion 2018 update 18 and earlier versions
  • ColdFusion 2021 update 8 and earlier versions
  • ColdFusion 2023 update 2 and earlier versions

Adobe has made software patches available for the vulnerabilities. We advise patching immediately. The vulnerabilities are resolved in the following software versions:

  • ColdFusion 2018 update 19
  • ColdFusion 2021 update 9
  • ColdFusion 2023 update 3
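The two version lists above translate into a simple inventory check: for each release, an installation is fixed only if its update number is at or above the one named in the advisory. The script below is an added example, not Tesorion or Adobe code. It assumes the ColdFusion product version string has the form "release,major,update,build" (for example "2021,0,08,..."); the hostnames and build numbers in the sample inventory are constructed placeholders.

```python
"""Classify ColdFusion installations against the fixed updates in the advisory."""
import re

# Lowest update per release that contains the fixes (from the advisory):
# ColdFusion 2018 update 19, 2021 update 9, 2023 update 3.
FIXED_UPDATES = {2018: 19, 2021: 9, 2023: 3}

# Assumed layout of the product version string: release,major,update,build.
VERSION_RE = re.compile(r"^\s*(\d{4}),(\d+),(\d+),(\d+)\s*$")


def parse_version(version):
    """Return (release, update) from a ColdFusion version string."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised ColdFusion version string: {version!r}")
    return int(m.group(1)), int(m.group(3))


def assess(version):
    """Return 'patched', 'vulnerable', or 'unknown' (release not in the advisory)."""
    release, update = parse_version(version)
    fixed = FIXED_UPDATES.get(release)
    if fixed is None:
        return "unknown"
    return "patched" if update >= fixed else "vulnerable"


def triage(inventory):
    """Map hostname -> assessment for an inventory of hostname -> version string.
    Unparseable version strings are reported as 'unknown' instead of aborting,
    so one bad record does not hide the rest of the estate."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory; hostnames and build numbers are placeholders.
SAMPLE_INVENTORY = {
    "cf-prod-01": "2021,0,08,000000",  # update 8: vulnerable
    "cf-prod-02": "2021,0,09,000000",  # update 9: patched
    "cf-legacy": "2018,0,18,000000",   # update 18: vulnerable
    "cf-dev": "2023,0,03,000000",      # update 3: patched
    "cf-old": "2016,0,17,000000",      # release not covered by the advisory
    "cf-broken": "n/a",                # unparseable record
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:20} {status}")
```

Releases that the advisory does not cover (such as ColdFusion 2016 in the sample) are reported as "unknown" rather than "patched", so they still surface for manual review.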

WARNING: Adobe's earlier workaround advice, enabling lockdown mode, can be bypassed by chaining multiple vulnerabilities. These are the so-called “security feature bypass” vulnerabilities.

Indicators of compromise are known. Our Security Operations Center is reviewing the available logging of existing customers for these indicators.

IP addresses:

  • 62.233.50[.]13
  • 5.182.36[.]4
  • 195.58.48[.]155

Domains:

  • oastify[.]com
  • ckeditr[.]cfm
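The indicators above are published defanged ("[.]" in place of "."), and the IP addresses and the domain-style indicators need different matching: the addresses against the client field of a web-server access log, the names anywhere in the request line, referer, or user agent. The script below is an added example of that matching, not Tesorion code. It assumes an Apache/Nginx combined-style access log; the sample log lines are constructed for the example and are not real traffic.

```python
"""Match the advisory's indicators against web-server access log lines."""
import re

# Indicators from the advisory, kept defanged exactly as published.
IOC_IPS = ["62.233.50[.]13", "5.182.36[.]4", "195.58.48[.]155"]
IOC_DOMAINS = ["oastify[.]com", "ckeditr[.]cfm"]


def refang(indicator):
    """Turn a defanged indicator back into its matchable form."""
    return indicator.replace("[.]", ".")


# Client addresses are compared exactly against the first log field.
IP_SET = {refang(ip) for ip in IOC_IPS}

# Names are matched as whole labels anywhere in the line, so a subdomain such
# as "abc.oastify.com" hits while an unrelated "notoastify.com" does not.
DOMAIN_PATTERNS = {
    refang(d): re.compile(
        r"(?<![A-Za-z0-9-])" + re.escape(refang(d)) + r"(?![A-Za-z0-9-])",
        re.IGNORECASE,
    )
    for d in IOC_DOMAINS
}

# Assumed combined-style access log: client ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)


def scan(lines):
    """Return one hit record per log line that matches at least one indicator."""
    hits = []
    for number, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than guess
        matched = []
        if m.group("client") in IP_SET:
            matched.append("ip:" + m.group("client"))
        for name, pattern in DOMAIN_PATTERNS.items():
            if pattern.search(line):
                matched.append("domain:" + name)
        if matched:
            hits.append({
                "line": number,
                "client": m.group("client"),
                "time": m.group("time"),
                "request": m.group("request"),
                "matched": matched,
            })
    return hits


# Constructed sample log lines (not real traffic); the non-IoC addresses are
# documentation ranges.
SAMPLE_LOG = [
    '62.233.50.13 - - [18/Jul/2023:09:12:44 +0000] "GET /index.cfm HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '10.0.0.5 - - [18/Jul/2023:09:13:01 +0000] "GET /index.cfm HTTP/1.1" 200 8812 "https://intranet.example/" "Mozilla/5.0"',
    '203.0.113.7 - - [18/Jul/2023:09:14:12 +0000] "GET /ckeditr.cfm HTTP/1.1" 200 64 "-" "curl/8.1"',
    '198.51.100.22 - - [18/Jul/2023:09:15:33 +0000] "GET /index.cfm?x=http://abc123.oastify.com/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [18/Jul/2023:09:16:02 +0000] "GET /notoastify.com/page HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} {hit['request']!r} -> {', '.join(hit['matched'])}")
```

A hit on the IP list shows who connected; a hit on "ckeditr.cfm" or "oastify.com" in the request line or referer shows what was requested or called back, which is why the two are reported separately in the "matched" field.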
